Home Rogue Websites Webplains.net


Posted: September 6, 2011

Webplains.net Screenshot 1Webplains.net is a fake search engine and news website, as well as a browser hijacker that redirects you to the Webplains.net website. As a browser hijacker, Webplains.net will modify crucial Windows system files without your permission and redirect your web browsers to Webplains.net on a repeated basis. Because these hijacks are based on alterations to advanced Windows components, changing your web browser will not cause them to stop. However, SpywareRemove.com malware researchers have found that Webplains.net can easily be removed by a good anti-malware program, provided that the program has all of the latest threat definition updates to detect Webplains.net in the first place.

Several Good Reasons to Avoid Roaming Webplains.net

Webplains.net pretends to be a helpful site that can provide useful search results and news articles, but the truth behind Webplains.net is that it is filled with click fraud and malicious software. Because Webplains.net has an overall poor reputation and has been definitively linked to the distribution of browser hijackers, you should avoid any contact with the Webplains.net website and never trust any of Webplains.net's links or search results. Visiting Webplains.net or an affiliated website may, in and of itself, infect you with Trojans, viruses or other forms of PC threats via browser exploits and drive-by-download scripts.

Although you may wander onto Webplains.net by accident, most Webplains.net traffic comes from the Webplains.net browser hijacker. This hijacker may activate at any time, but SpywareRemove.com malware experts have found that Webplains.net prefers to trigger after attempts at using popular search engines and email services (such as Google or Yahoo Mail). Webplains.net will make no bones about forcing you to visit Webplains.net whether you want to do so or not and hence, any browser use while a Webplains.net hijacker is active can be considered to be a potential risk to your computer's safety.

Blow Webplains.net Off of Your Map of Online Destinations

Although your first reaction upon finding a Webplains.net infection may be to delete your web browser or alter your web browser's settings, these changes will not have any effect on a Webplains.net browser hijacker. Since Webplains.net browser hijacks modify Windows Hosts files and make other forms of advanced changes to baseline Windows components, modifying your browser in any way will fail to address the source of the Webplains.net infection.

However, you can remove Webplains.net with ease if you're willing to use standard anti-malware tactics and applications. Safe Mode is recommended for boot options, for acquiring an environment that avoids launching Webplains.net automatically and, after this, deleting Webplains.net is as easy as running your preferred anti-malware program. Since Webplains.net browser hijackers are a fairly recent PC threat as noted by SpywareRemove.com malware analysts, you may also want to check for updates to your software's threat databases, before you initiate a system scan.

Technical Details

File System Modifications

The following files were created in the system:

%Windows%\system32\DRIVERS\mrxsmb.sys File name: %Windows%\system32\DRIVERS\mrxsmb.sys
File type: System file
Mime Type: unknown/sys
%Windows%\system32\consrv.dll File name: %Windows%\system32\consrv.dll
File type: Dynamic link library
Mime Type: unknown/dll

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\..\..{Subkeys}SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4


  • remove Webplains.net says:

    Worked perfectly to remove this junk. Thanks

  • mike says:

    Hi I just purchased xp windows 2010 by accident. It seemed like it was the only thing to do to get my computer to run. Aftr i purchased it I canceled my credit card. But is it still ok to run my computer with this in the backround. Also If i get another antivirus will it get rid of it.